Federal law enforcement routinely tracks individuals through their credit cards, cell phones, car rentals and even store customer loyalty programs without obtaining a warrant, an online privacy activist has discovered.
According to a document (PDF) obtained from the Department of Justice by online privacy activist Christopher Soghoian, federal agents working on a criminal investigation can draw up their own paperwork requesting that credit companies and retailers give the agents real-time access to purchases made by a particular person.
No court reviews these orders, and the only role courts play in the process is to issue a non-disclosure order to the retailer or credit card company involved, meaning the person being tracked will never be notified of the surveillance.
The process is known as a “hotwatch,” and it can be used to spy on cell phones, credit card use, purchases at stores when a customer loyalty card is used, car rentals, and flight ticket purchases. The process “sidestep[s] any Fourth Amendment protections,” Soghoian writes.
Ryan Singel at Wired notes the document doesn’t set out standards for when an agent can obtain a “hotwatch” order. “The Justice Department told Soghoian the document is the only one it could find relating to ‘hotwatches’ — which means there is either no policy or the department is withholding relevant documents.”
Reporting on his blog, Soghoian, a grad student at the University of Indiana and noted online privacy activist, suggests the government has been working to keep “hotwatches” secret. He said he first came across a mention of “hotwatches” while researching a 2005 court case that tested the limits of the government’s ability to collect data from cell phone companies.
“A search of Google, Lexisnexis and Westlaw revealed nothing related to ‘hotwatch’ orders, and so I filed a FOIA request to find out more,” Soghoian writes. “If the government ‘routinely’ applies for and obtains hotwatch orders, why wasn’t there more information about these?”
Soghoian says it took him a year-and-a-half to get his answer from the Justice Department. The department initially blocked the release of the document outlining “hotwatches,” but Soghoian successfully appealed the decision.
Singel reports that, while federal law enforcement agencies are obligated to report on the number of wiretaps they issue, including national security letters, they are evidently not required to report on the use of “hotwatches.”
The following copy of the Justice Department’s “hotwatch” outline comes courtesy of Christopher Soghoian.